Loading EN-304-626.md +8 −10 Original line number Diff line number Diff line Loading @@ -1792,9 +1792,7 @@ The risk factors by type are: * Impact: PPII SNDS SNDT SENF ### C.4.3 List of threats, risk assessments, and mitigations #### C.4.3.1 TH-UEVU: Unknown exploitable vulnerabilities ### C.4.3 TH-UEVU: Unknown exploitable vulnerabilities Attacker may use unknown exploitable vulnerabilities in the product implementation to get unauthorized access to product assets. Loading Loading @@ -1824,7 +1822,7 @@ Mitigations for Impact: * High to Low: DJST, LOGG #### C.4.3.2 TH-KEVU: Known exploitable vulnerabilities ### C.4.4 TH-KEVU: Known exploitable vulnerabilities Attacker may use known exploitable vulnerabilities in the product implementation to get unauthorized access to product assets. Loading Loading @@ -1856,7 +1854,7 @@ Mitigations for Impact: * High to Low: WDOG #### C.4.3.3 TH-CONF: Access to assets via configuration errors ### C.4.5 TH-CONF: Access to assets via configuration errors Attacker may use configuration errors to get unauthorized access to the product assets. Loading Loading @@ -1886,7 +1884,7 @@ Mitigations for Impact: * High to Low: CDST, DJST, LOGG #### C.4.3.4 TH-UADT: Unauthorized access to confidential data transmitted ### C.4.6 TH-UADT: Unauthorized access to confidential data transmitted Attacker may use network access to get unauthorized access to confidential data transmitted by the product. Loading Loading @@ -1916,7 +1914,7 @@ Mitigations for Impact: * High to Low: DJST #### C.4.3.6 TH-PDOS: Denial of service attack on product functions via user or network access ### C.4.7 TH-PDOS: Denial of service attack on product functions via user or network access Attacker may use user or network access for a denial-of-service attack on product functions. Loading Loading 
@@ -1946,7 +1944,7 @@ Mitigations for Impact: * High to Low: AVNT, WDOG, FDRP, LMEM, FAIR, LOGG #### C.4.3.7 TH-DDOS: Denial of service attack on other products via exploitation of vulnerabilities or unauthorized use of product functions ### C.4.8 TH-DDOS: Denial of service attack on other products via exploitation of vulnerabilities or unauthorized use of product functions Attacker may use the network to exploit vulnerabilities in the product to attack other products. Loading Loading @@ -1974,7 +1972,7 @@ Mitigations for Impact: * High to Low: MDOC or (MNET, MAMP) #### C.4.3.8 TH-MQSE: Masquerading authorized server ### C.4.9 TH-MQSE: Masquerading authorized server Attacker may masquerade as an authorized server to get unauthorized access to product assets. Loading Loading @@ -2004,7 +2002,7 @@ Mitigations for Impact: * High to Low: LOGG #### C.4.3.9 TH-LEAK: Data leak through side channels ### C.4.10 TH-LEAK: Data leak through side channels Attacker may use the ability to run arbitrary software on the product to get unauthorized read access to confidential data. Loading Loading
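Review bot: In the first hunk (`@@ -1792,9 +1792,7 @@`), removing the `### C.4.3 List of threats, risk assessments, and mitigations` heading leaves the eight TH-* clauses without a parent clause and renumbers them from C.4.3.x to C.4.3 through C.4.10. Any text elsewhere in EN-304-626.md that cites an old C.4.3.x number or the "List of threats" title would then point at the wrong clause or at nothing. Please search the document for `C.4.3.` and update those references in the same commit, or keep the parent heading if a grouping clause is still wanted.

Review bot: In the TH-PDOS hunk (`@@ -1916,7 +1914,7 @@`), the old numbering jumps from C.4.3.4 (TH-UADT) to C.4.3.6, so there was no C.4.3.5, and the new C.4.6 to C.4.7 sequence closes that gap without comment. Please confirm that the gap was only a numbering slip and not a threat clause that was dropped earlier and still belongs in the list, and state that in the commit message.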